Every month I write a few articles for MSExchange.org’s Knowledge Base section. These are short tips and tricks that help you better manage your Exchange environment.
The first new KB article is a handy tip I find useful on a regular basis – how to quickly store settings I think I might need and then quickly retrieve and compare them:
How to store Exchange settings before making changes
Second up, it’s a simple tip that might be useful if you’ve just had an audit and TMG is showing that it’s not configured optimally:
Disabling SSL 2.0 on your OWA website published by TMG
As always there’s more Knowledge Base tips awaiting publication, so stay tuned for a few more due out any day!
Steve,
I’ve been following your blog for a month or two now – very nice work!
Anyhow, just this spring, we mitigated our most blatant SSL faux pas – insecure TLS renegotiation, SSLv2, and BEAST.
Along that same thread, I suspect you might be close enough to the right people to get a straight answer as to cookie handling. We haven’t yet set the secure flag (but hope to soon), but I’ve read that setting httponly breaks certain OWA scripts and is “by design”. Can you speak to this any? Or run it up to the right people?
Again, thanks for all you do – and thanks for the recent heads up to MS13-061.
Dustin
Hi Dustin,
Pop me an email (steve@stevieg.org) with a detailed question and I’ll forward it on. I can’t promise an answer from the right people, but will do my best.
Steve
We disabled SSL v2 on our TMG servers and then active sync on Nokia mobiles with Symbian OS is not working. Any clues?